Provisioning Nessus BYOL from the Microsoft Azure Marketplace

Nessus BYOL is an instance of Nessus installed within Microsoft Azure that allows scanning of Azure cloud environments and instances. Nessus BYOL capabilities include web application scanning and detection of vulnerabilities, compliance violations, misconfigurations, and malware.

Customers interested in leveraging Nessus BYOL to secure their environments and instances must first purchase a Nessus license either directly from the Tenable Store or from an authorized reseller. The license will provide an Activation Code to apply when provisioning Nessus from your Microsoft Azure account.

Enter Tenable in the search box and the Tenable Nessus (BYOL) instance will appear below.

Click Tenable Nessus (BYOL) to open the instance details. Choose an option under Select a deployment model and click Create to begin deployment of the Nessus BYOL virtual machine.

Enter the configuration information on the Basics screen and click OK. Refer to the Nessus BYOL Scanner Basics table for details.

Nessus BYOL Scanner Basics

| Option | Description |
| --- | --- |
| Name | Descriptive name for the Nessus BYOL scanner. |
| VM disk type | Select between SSD and HDD drives. |
| User name | User account name used to access the Nessus BYOL scanner. |
| Authentication type | Select SSH public key. |
| SSH public key | Once generated, enter the SSH public key. |
| Subscription | Select the subscription to which the virtual machine will be added. |
| Resource group | Enter the name of a new Resource group or select an existing Resource group. |
| Location | Select the geographical location for the virtual machine. |

Once the Basics information is entered, instance sizes and pricing are displayed. Scroll down to view all of the available options. Choose a desired virtual machine size by clicking on one of the displayed options and clicking Select.

On the Settings screen, enter the required information and click OK. Refer to the Nessus BYOL Scanner Settings table for details.

If you are deploying the instance into an Azure Virtual Network, you must ensure that TCP port 8834 is reachable on an IP address associated with the instance. This is needed to complete the configuration process, as well as for the use of the product.

Configure the instance and/or the Azure Virtual Network so that Nessus can communicate with Tenable servers; this is required for registration and plugin updates. If for some reason this is not possible, please refer to the Tenable.io User Guide regarding off-line updates.

Generally, you will connect to the public IP address (or external hostname) associated with an instance. If you are connecting to Nessus over a VPN to an Azure Virtual Network, it may be the private IP address. The IP addresses associated with the instance can be found under the virtual machine Settings.

After the instance has initialized, open a browser and connect to the instance to complete the configuration. For example: https://<IP address or hostname>:8834
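The port 8834 requirement above can be checked against the network security group before connecting. The following is an added example, not part of Tenable's documentation: it walks NSG rules in priority order and reports whether TCP 8834 is open to any source, limited to named sources, or blocked. The rule data is constructed, the field names follow the JSON shape of `az network nsg rule list -o json`, and Azure's built-in default rules are assumed to be absent from the input.

```python
import json

NESSUS_PORT = 8834  # Nessus web UI/API port named on this page
BROAD = {"*", "any", "internet", "0.0.0.0/0"}  # sources treated as "everyone"

# Constructed sample shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-ssh-admin", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10/32", "destinationPortRange": "22"},
 {"name": "allow-nessus-ui", "priority": 110, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "8000-9000"},
 {"name": "deny-all-in", "priority": 4096, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    """True if any destination port spec ('*', '8834', '8000-9000') includes port."""
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_nessus_port(rules, port=NESSUS_PORT):
    """Walk inbound TCP rules in priority order and classify exposure of port."""
    allowed = []
    hits = [r for r in rules if r["direction"].lower() == "inbound"
            and r["protocol"].lower() in ("tcp", "*") and _covers_port(r, port)]
    for rule in sorted(hits, key=lambda r: r["priority"]):
        srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        broad = any(s.lower() in BROAD for s in srcs)
        if rule["access"].lower() == "allow":
            if broad:
                return {"verdict": "exposed", "rule": rule["name"], "allowed": allowed}
            allowed.extend(srcs)
        elif broad:  # a broad deny shadows every lower-priority rule
            break
    return {"verdict": "restricted" if allowed else "blocked", "rule": None, "allowed": allowed}

if __name__ == "__main__":
    print(audit_nessus_port(SAMPLE_RULES))
```

A verdict of "blocked" means the browser connection in the step above will fail until an allow rule for the administering address is added.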

Note: Prior to scanning, you must request permission to conduct vulnerability and penetration testing on instances in the Microsoft Azure cloud environment. Please visit the following page to review the approval process and to submit a testing request: https://security-forms.azure.com/penetration-testing/terms.